| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2019-10-08 23:30:55 +0200 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2019-10-08 23:30:55 +0200 |
| commit | 19416046c54fb023f2daaf8c84644ad11d8fb068 (patch) | |
| tree | 2d54d40c07adaef9b7c408fd7ff6bea26825645a /man7 | |
| parent | 534755eed9b8157ee1ad3227d693d0384f5ca3aa (diff) | |
| download | man-pages-19416046c54fb023f2daaf8c84644ad11d8fb068.tar.gz | |
mount_namespaces.7: Tweak discussion of "less privileged" mount namespace
Eric Biederman:
I hate to nitpick, but I am going to say that when I read
the text above the phrase "mount namespace of the process
that created the new mount namespace" feels wrong.
Either you use unshare(2) and the mount namespace of the
process that created the mount namespace changes.
Or you use clone(2) and you could argue it is the new child
that created the mount namespace.
Having a different mount namespace at the end of the
creation operation feels like it makes your phrase confusing
about what the starting mount namespace is. I hate to use
references that are ambiguous when things are changing.
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7')
| -rw-r--r-- | man7/mount_namespaces.7 | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/man7/mount_namespaces.7 b/man7/mount_namespaces.7 index 0edf33b17d..4bcda5ddfe 100644 --- a/man7/mount_namespaces.7 +++ b/man7/mount_namespaces.7 @@ -82,10 +82,11 @@ mount point list seen in the other namespace Note the following points with respect to mount namespaces: .IP * 3 Each mount namespace has an owner user namespace. -As noted above, when a new mount namespace is created, -it inherits a copy of the mount points from the mount namespace -of the process that created the new mount namespace. -If the two mount namespaces are owned by different user namespaces, +As explained above, when a new mount namespace is created, +its mount point list is initialized as a copy of the mount point list +of another mount namespace. +If the new namespaces and the namespace from which the mount point list +was copied are owned by different user namespaces, then the new mount namespace is considered .IR "less privileged" . .IP * |
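Review bot: the added line "+If the new namespaces and the namespace from which the mount point list" has a plural slip: "new namespaces" should be "new namespace", since the surrounding sentences speak of a single new mount namespace ("then the new mount namespace is considered"). Separately, "+of another mount namespace." resolves the ambiguity raised in the commit message but no longer tells the reader which namespace is the source of the copy; consider naming it in terms of the call, for example the mount namespace the caller of clone(2) or unshare(2) was in before the call, so that the "less privileged" comparison that follows has a well-defined second operand. Using "mount namespace" consistently in the new sentence (rather than bare "namespace") would also keep it from being read as referring to the user namespaces mentioned in the same sentence.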
